From 64793cb7b8a7fae8a75c1f35fd21f76a4926a4c9 Mon Sep 17 00:00:00 2001 From: Developer Date: Fri, 20 Mar 2026 02:42:29 -0400 Subject: [PATCH] feat: Add comprehensive log path mapping for all platforms NEW FILES: - lib/log-paths.sh: Derives all log file paths based on detected system ENHANCEMENTS: - Added detect_mail_system() to lib/system-detect.sh - Detects: Exim (cPanel), Postfix (Plesk), Sendmail - Updated initialize_system_detection() to call derive_all_log_paths() - Updated launcher.sh to source log-paths.sh LOG PATH CATEGORIES NOW DERIVED: 1. Web Server Logs (domain + main access/error) 2. Authentication Logs (SSH, sudo, logins) 3. Mail System Logs (Exim, Postfix, Sendmail) 4. Firewall Logs (CSF, firewalld, iptables) 5. Control Panel Logs (cPanel, Plesk, InterWorx) 6. Database Logs (MySQL, MariaDB, PostgreSQL) 7. Security Scanner Logs (ClamAV, Maldet, Rkhunter, Imunify) 8. System Logs (messages/syslog, kernel, auth) 9. PHP Logs (FPM, error logs) 10. Service Logs (FTP, DNS, SSH) All paths now account for: - Control panel differences (cPanel vs Plesk vs InterWorx vs Standalone) - OS differences (RHEL/CentOS/AlmaLinux vs Ubuntu/Debian) - Mail system differences (Exim vs Postfix vs Sendmail) - Database differences (MySQL vs MariaDB vs PostgreSQL) --- launcher.sh | 1 + lib/log-paths.sh | 367 +++++++++++++++++++++++++++++++++++++++++++ lib/system-detect.sh | 44 ++++++ 3 files changed, 412 insertions(+) create mode 100644 lib/log-paths.sh diff --git a/launcher.sh b/launcher.sh index 0cfa08e..a0962ab 100755 --- a/launcher.sh +++ b/launcher.sh 
@@ -28,6 +28,7 @@ CONFIG_DIR="$BASE_DIR/config"
 # Load core libraries
 source "$LIB_DIR/common-functions.sh" || { echo "ERROR: Failed to load common-functions.sh"; return 1; }
 source "$LIB_DIR/system-detect.sh" || { echo "ERROR: Failed to load system-detect.sh"; return 1; }
+source "$LIB_DIR/log-paths.sh" || { echo "ERROR: Failed to load log-paths.sh"; return 1; }
 source "$LIB_DIR/domain-discovery.sh" || { echo "ERROR: Failed to load domain-discovery.sh"; return 1; }
 source "$LIB_DIR/user-manager.sh" || { echo "ERROR: Failed to load user-manager.sh"; return 1; }
 source "$LIB_DIR/reference-db.sh" || { echo "ERROR: Failed to load reference-db.sh"; return 1; }
diff --git a/lib/log-paths.sh b/lib/log-paths.sh
new file mode 100644
index 0000000..a1d3981
--- /dev/null
+++ b/lib/log-paths.sh
@@ -0,0 +1,367 @@
+#!/bin/bash
+
+#############################################################################
+# System Log Paths Mapping
+# Derives platform-specific log file locations based on detected system info
+# Must be sourced AFTER lib/system-detect.sh has set SYS_* variables
+#############################################################################
+
+# Source guard
+if [ -n "${_LOG_PATHS_LOADED:-}" ]; then
+ return 0
+fi
+readonly _LOG_PATHS_LOADED=1
+
+#############################################################################
+# WEB SERVER LOGS
+#############################################################################
+
+derive_web_server_logs() {
+ # Domain/vhost access logs
+ case "$SYS_CONTROL_PANEL" in
+ cpanel)
+ # cPanel uses centralized domlogs directory
+ export SYS_LOG_WEB_DOMAIN_ACCESS="/var/log/apache2/domlogs"
+ export SYS_LOG_WEB_DOMAIN_ERROR="/var/log/apache2/domlogs"
+ ;;
+ plesk)
+ # Plesk version 18.0.50+ has different structure
+ if [ -d "/var/www/vhosts/system" ]; then
+ export SYS_LOG_WEB_DOMAIN_ACCESS="/var/www/vhosts/system"
+ export SYS_LOG_WEB_DOMAIN_ERROR="/var/www/vhosts/system"
+ else
+ export SYS_LOG_WEB_DOMAIN_ACCESS="/var/www/vhosts"
+ export SYS_LOG_WEB_DOMAIN_ERROR="/var/www/vhosts"
+ fi
+ ;;
+ interworx)
+ # InterWorx stores logs per user/domain
+ export SYS_LOG_WEB_DOMAIN_ACCESS="/home"
+ export SYS_LOG_WEB_DOMAIN_ERROR="/home"
+ ;;
+ *)
+ # Standalone - no per-domain logs
+ export SYS_LOG_WEB_DOMAIN_ACCESS=""
+ export SYS_LOG_WEB_DOMAIN_ERROR=""
+ ;;
+ esac
+
+ # Main web server logs (varies by web server and OS)
+ case "$SYS_WEB_SERVER" in
+ apache|httpd)
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_WEB_ACCESS="/var/log/apache2/access.log"
+ export SYS_LOG_WEB_ERROR="/var/log/apache2/error.log"
+ else
+ # RHEL, CentOS, AlmaLinux, CloudLinux
+ export SYS_LOG_WEB_ACCESS="/var/log/httpd/access_log"
+ export SYS_LOG_WEB_ERROR="/var/log/httpd/error_log"
+ fi
+ ;;
+ nginx)
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_WEB_ACCESS="/var/log/nginx/access.log"
+ export SYS_LOG_WEB_ERROR="/var/log/nginx/error.log"
+ else
+ export SYS_LOG_WEB_ACCESS="/var/log/nginx/access.log"
+ export SYS_LOG_WEB_ERROR="/var/log/nginx/error.log"
+ fi
+ ;;
+ litespeed|openlitespeed)
+ export SYS_LOG_WEB_ACCESS="/usr/local/lsws/logs/access.log"
+ export SYS_LOG_WEB_ERROR="/usr/local/lsws/logs/error.log"
+ ;;
+ *)
+ export SYS_LOG_WEB_ACCESS=""
+ export SYS_LOG_WEB_ERROR=""
+ ;;
+ esac
+}
+
+#############################################################################
+# AUTHENTICATION LOGS
+#############################################################################
+
+derive_auth_logs() {
+ case "$SYS_OS_TYPE" in
+ ubuntu|debian)
+ export SYS_LOG_AUTH="/var/log/auth.log"
+ export SYS_LOG_WTMP="/var/log/wtmp"
+ export SYS_LOG_BTMP="/var/log/btmp"
+ ;;
+ *)
+ # RHEL, CentOS, AlmaLinux, CloudLinux, Rocky Linux
+ export SYS_LOG_AUTH="/var/log/secure"
+ export SYS_LOG_WTMP="/var/log/wtmp"
+ export SYS_LOG_BTMP="/var/log/btmp"
+ ;;
+ esac
+}
+
+#############################################################################
+# MAIL SYSTEM LOGS
+#############################################################################
+
+derive_mail_logs() {
+ case "$SYS_MAIL_SYSTEM" in
+ exim)
+ # cPanel, InterWorx typically use Exim
+ export SYS_LOG_MAIL_MAIN="/var/log/exim_mainlog"
+ export SYS_LOG_MAIL_REJECT="/var/log/exim_rejectlog"
+ export SYS_LOG_MAIL_PANIC="/var/log/exim_paniclog"
+ ;;
+ postfix)
+ # Plesk default, or standalone Postfix
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_MAIL_MAIN="/var/log/mail.log"
+ else
+ # RHEL-based
+ export SYS_LOG_MAIL_MAIN="/var/log/maillog"
+ fi
+ export SYS_LOG_MAIL_REJECT=""
+ ;;
+ sendmail)
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_MAIL_MAIN="/var/log/mail.log"
+ else
+ export SYS_LOG_MAIL_MAIN="/var/log/maillog"
+ fi
+ ;;
+ *)
+ export SYS_LOG_MAIL_MAIN=""
+ export SYS_LOG_MAIL_REJECT=""
+ ;;
+ esac
+
+ # Mail queue directory (for queue checks)
+ case "$SYS_MAIL_SYSTEM" in
+ exim)
+ export SYS_MAIL_QUEUE_DIR="/var/spool/exim"
+ ;;
+ postfix)
+ export SYS_MAIL_QUEUE_DIR="/var/spool/postfix"
+ ;;
+ sendmail)
+ export SYS_MAIL_QUEUE_DIR="/var/spool/mqueue"
+ ;;
+ *)
+ export SYS_MAIL_QUEUE_DIR=""
+ ;;
+ esac
+}
+
+#############################################################################
+# FIREWALL LOGS
+#############################################################################
+
+derive_firewall_logs() {
+ case "$SYS_FIREWALL" in
+ csf)
+ export SYS_LOG_FIREWALL="/var/log/lfd.log"
+ export SYS_LOG_FIREWALL_BLOCK="/var/log/lfd.log"
+ ;;
+ firewalld)
+ # firewalld logs to journal, but may have a log file
+ if [ -f "/var/log/firewalld" ]; then
+ export SYS_LOG_FIREWALL="/var/log/firewalld"
+ else
+ export SYS_LOG_FIREWALL="/var/log/messages" # Falls back to syslog
+ fi
+ ;;
+ iptables)
+ # iptables logs to syslog/messages
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_FIREWALL="/var/log/syslog"
+ else
+ export SYS_LOG_FIREWALL="/var/log/messages"
+ fi
+ ;;
+ plesk)
+ export SYS_LOG_FIREWALL="/var/log/swsoft/swsoft.log"
+ ;;
+ *)
+ export SYS_LOG_FIREWALL=""
+ ;;
+ esac
+}
+
+#############################################################################
+# CONTROL PANEL LOGS
+#############################################################################
+
+derive_control_panel_logs() {
+ case "$SYS_CONTROL_PANEL" in
+ cpanel)
+ export SYS_LOG_PANEL="/usr/local/cpanel/logs"
+ export SYS_LOG_PANEL_ERROR="/usr/local/cpanel/logs/error_log"
+ export SYS_LOG_PANEL_ACCESS="/usr/local/cpanel/logs/access_log"
+ ;;
+ plesk)
+ export SYS_LOG_PANEL="/var/log/plesk"
+ export SYS_LOG_PANEL_ERROR="/var/log/plesk/panel.log"
+ export SYS_LOG_PANEL_ACCESS="/var/log/plesk/panel.log"
+ ;;
+ interworx)
+ export SYS_LOG_PANEL="/home/interworx/var/log"
+ export SYS_LOG_PANEL_ERROR="/home/interworx/var/log/iworx.log"
+ export SYS_LOG_PANEL_ACCESS="/home/interworx/var/log/siteworx.log"
+ ;;
+ *)
+ export SYS_LOG_PANEL=""
+ export SYS_LOG_PANEL_ERROR=""
+ export SYS_LOG_PANEL_ACCESS=""
+ ;;
+ esac
+}
+
+#############################################################################
+# DATABASE LOGS
+#############################################################################
+
+derive_database_logs() {
+ case "$SYS_DB_TYPE" in
+ mysql|mariadb)
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_DB_ERROR="/var/log/mysql/error.log"
+ export SYS_LOG_DB_SLOW="/var/log/mysql/slow.log"
+ else
+ # RHEL-based
+ if [ "$SYS_DB_TYPE" = "mariadb" ]; then
+ export SYS_LOG_DB_ERROR="/var/log/mariadb/mariadb.log"
+ else
+ export SYS_LOG_DB_ERROR="/var/log/mysqld.log"
+ fi
+ export SYS_LOG_DB_SLOW="/var/log/mysql/slow.log"
+ fi
+ ;;
+ postgresql)
+ if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
+ export SYS_LOG_DB_ERROR="/var/log/postgresql/postgresql.log"
+ else
+ export SYS_LOG_DB_ERROR="/var/log/pgsql/postgresql.log"
+ fi
+ export SYS_LOG_DB_SLOW=""
+ ;;
+ *)
+ export SYS_LOG_DB_ERROR=""
+ export SYS_LOG_DB_SLOW=""
+ ;;
+ esac
+}
+
+#############################################################################
+# SECURITY SCANNER LOGS
+#############################################################################
+
+derive_security_logs() {
+ # ClamAV
+ if [ -f "/var/log/clamav/clamscan.log" ]; then
+ export SYS_LOG_CLAMAV="/var/log/clamav/clamscan.log"
+ else
+ export SYS_LOG_CLAMAV="/var/log/clamav.log"
+ fi
+
+ # Maldet
+ export SYS_LOG_MALDET="/var/log/maldet.log"
+
+ # Rkhunter
+ export SYS_LOG_RKHUNTER="/var/log/rkhunter.log"
+
+ # Imunify
+ if [ -d "/var/log/imunify360" ]; then
+ export SYS_LOG_IMUNIFY="/var/log/imunify360"
+ elif [ -d "/var/log/imunifyav" ]; then
+ export SYS_LOG_IMUNIFY="/var/log/imunifyav"
+ else
+ export SYS_LOG_IMUNIFY="/var/log/imunify.log"
+ fi
+}
+
+#############################################################################
+# SYSTEM LOGS
+#############################################################################
+
+derive_system_logs() {
+ case "$SYS_OS_TYPE" in
+ ubuntu|debian)
+ export SYS_LOG_SYSTEM="/var/log/syslog"
+ export SYS_LOG_MESSAGES="/var/log/syslog"
+ export SYS_LOG_KERN="/var/log/kern.log"
+ export SYS_LOG_PKG_MGR="/var/log/apt/history.log"
+ ;;
+ *)
+ # RHEL-based
+ export SYS_LOG_SYSTEM="/var/log/messages"
+ export SYS_LOG_MESSAGES="/var/log/messages"
+ export SYS_LOG_KERN="/var/log/kern.log"
+ export SYS_LOG_PKG_MGR="/var/log/yum.log"
+ ;;
+ esac
+
+ # Audit log (standard across all)
+ export SYS_LOG_AUDIT="/var/log/audit/audit.log"
+}
+
+#############################################################################
+# PHP LOGS
+#############################################################################
+
+derive_php_logs() {
+ # PHP-FPM error log
+ if [ -d "/var/log/php-fpm" ]; then
+ export SYS_LOG_PHP_FPM="/var/log/php-fpm"
+ else
+ export SYS_LOG_PHP_FPM="/var/log/php-fpm.log"
+ fi
+
+ # PHP error log (from ini, but common defaults)
+ if [ "$SYS_CONTROL_PANEL" = "cpanel" ]; then
+ export SYS_LOG_PHP_ERROR="/usr/local/php/lib/php.log"
+ else
+ export SYS_LOG_PHP_ERROR="/var/log/php-errors.log"
+ fi
+}
+
+#############################################################################
+# SERVICE-SPECIFIC LOGS
+#############################################################################
+
+derive_service_logs() {
+ # FTP
+ export SYS_LOG_FTP="/var/log/vsftpd.log"
+
+ # DNS
+ export SYS_LOG_DNS="/var/log/named.log"
+
+ # SSH (same as auth)
+ case "$SYS_OS_TYPE" in
+ ubuntu|debian)
+ export SYS_LOG_SSH="/var/log/auth.log"
+ ;;
+ *)
+ export SYS_LOG_SSH="/var/log/secure"
+ ;;
+ esac
+}
+
+#############################################################################
+# MAIN DERIVATION FUNCTION
+#############################################################################
+
+derive_all_log_paths() {
+ derive_web_server_logs
+ derive_auth_logs
+ derive_mail_logs
+ derive_firewall_logs
+ derive_control_panel_logs
+ derive_database_logs
+ derive_security_logs
+ derive_system_logs
+ derive_php_logs
+ derive_service_logs
+}
+
+# Auto-run if sourced with detection complete
+if [ -n "${SYS_DETECTION_COMPLETE:-}" ]; then
+ derive_all_log_paths
+fi
diff --git a/lib/system-detect.sh b/lib/system-detect.sh
index 18c8aa9..61ae42b 100755
--- a/lib/system-detect.sh
+++ b/lib/system-detect.sh
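Review bot: In lib/log-paths.sh several `case` arms leave an exported variable unassigned that a sibling arm sets: the `sendmail)` arm of derive_mail_logs never sets `SYS_LOG_MAIL_REJECT`, only the `exim)` arm sets `SYS_LOG_MAIL_PANIC`, and only the `csf)` arm of derive_firewall_logs sets `SYS_LOG_FIREWALL_BLOCK`. Because every path is `export`ed, a value already present in the calling environment, or left over from an earlier derivation, survives on those platforms, so a consumer may read a log path that does not belong to the detected system. Clearing them at the top of each function closes that, e.g. `export SYS_LOG_MAIL_MAIN="" SYS_LOG_MAIL_REJECT="" SYS_LOG_MAIL_PANIC=""` and `export SYS_LOG_FIREWALL="" SYS_LOG_FIREWALL_BLOCK=""`. The fallback paths are also assigned without an existence check (for example `/var/log/kern.log` in the RHEL arm of derive_system_logs, which stock rsyslog there does not normally create), so a header comment should tell consumers to treat a missing file as "no data collected" and not as "no events".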
@@ -397,6 +397,43 @@ detect_firewall() { return 1 } +############################################################################# +# MAIL SYSTEM DETECTION +############################################################################# + +detect_mail_system() { + [ -n "$SYS_DETECTION_COMPLETE" ] || print_info "Detecting mail system..." + + # Exim (cPanel default) + if command_exists exim; then + SYS_MAIL_SYSTEM="exim" + SYS_MAIL_SYSTEM_VERSION=$(exim -bV 2>/dev/null | head -1 | grep -oP 'Exim version \K[^ ]+' || echo "unknown") + print_success "Detected Exim ${SYS_MAIL_SYSTEM_VERSION}" + return 0 + fi + + # Postfix + if command_exists postqueue; then + SYS_MAIL_SYSTEM="postfix" + SYS_MAIL_SYSTEM_VERSION=$(postconf mail_version 2>/dev/null | grep -oP '\d+\.\d+\.\d+' | head -1 || echo "unknown") + print_success "Detected Postfix ${SYS_MAIL_SYSTEM_VERSION}" + return 0 + fi + + # Sendmail + if command_exists sendmail; then + SYS_MAIL_SYSTEM="sendmail" + SYS_MAIL_SYSTEM_VERSION=$(sendmail -d0.1 -O QueueDirectory=/tmp 2>&1 | head -1 | grep -oP '\d+\.\d+\.\d+' || echo "unknown") + print_success "Detected Sendmail ${SYS_MAIL_SYSTEM_VERSION}" + return 0 + fi + + SYS_MAIL_SYSTEM="none" + SYS_MAIL_SYSTEM_VERSION="" + print_warning "No mail system detected" + return 1 +} + ############################################################################# # SYSTEM RESOURCES (Comprehensive - like user's example) ############################################################################# @@ -564,10 +601,16 @@ initialize_system_detection() { detect_php_versions detect_cloudflare detect_firewall + detect_mail_system get_system_resources # Mark as initialized export SYS_DETECTION_COMPLETE="yes" + + # Derive platform-specific log paths (requires detect_* functions to have run first) + if command -v derive_all_log_paths &>/dev/null; then + derive_all_log_paths + fi } # Export all functions for use in subshells and sourced scripts 
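Review bot: The Sendmail probe at the end of detect_mail_system treats any `sendmail` binary as Sendmail, but other MTAs commonly install a `sendmail` compatibility command, so a host without `exim` or `postqueue` can be labelled `sendmail` and be given Sendmail log and queue paths it does not have. The version call also runs that binary with stdin still attached and its queue directory pointed at `/tmp`; a wrapper that expects a message on stdin may block there. I would redirect stdin, `sendmail -d0.1 -O QueueDirectory=/tmp </dev/null 2>&1`, and only set `SYS_MAIL_SYSTEM="sendmail"` when the version pattern actually matched, falling through to `none` otherwise. `SYS_MAIL_SYSTEM` is also assigned without `export` in this hunk while `SYS_DETECTION_COMPLETE` is exported, so a child shell that sources log-paths.sh would presumably derive empty mail paths unless the variable is exported somewhere outside the hunk.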
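Review bot: The `command -v derive_all_log_paths` guard added to initialize_system_detection skips derivation silently when log-paths.sh has not been sourced; launcher.sh sources it, but other entry points are not visible here. In that case no `SYS_LOG_*` variable is set and nothing in the output says so, which for checks that read those paths looks the same as a host with no log data. An `else` arm such as `print_warning "log-paths.sh not loaded; SYS_LOG_* paths not derived"` would make the gap visible. The function starts outside the hunk, so I cannot see whether callers already test for this.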
@@ -578,6 +621,7 @@ export -f detect_database
 export -f detect_php_versions
 export -f detect_cloudflare
 export -f detect_firewall
+export -f detect_mail_system
 export -f get_system_resources
 export -f show_system_info
 export -f initialize_system_detection